Example of configuring Internet access for a dedicated server via a cloud router

Example of configuring Internet access for a dedicated server via a cloud router

Purpose of customization⁠

Unite the dedicated server, cloud server and cloud router by private L3 network and organize Internet access for the dedicated server through the cloud router, which will allow to limit direct Internet access for the dedicated server.

To do this, you need to connect the dedicated server, cloud server, and cloud router with a private network using a global router. After that, configure routing in the network so that all devices can see each other and Internet traffic from the dedicated server goes through the cloud router.

What you need to customize⁠

Device	Device settings in the example
Dedicated server on a private subnet	Ubuntu 22.04 is installed on the server; the server is added to private network VLAN 2044, subnet 192.168.0.0.0/29; 192.168.0.2 is configured on the local interface
Cloud server on a private subnet	The server is added to the private subnet 172.16.0.0.0/29; address 172.16.0.2 is configured on the local port
A cloud router on a private subnet with a public IP address	The router is created in the same project as the cloud server; A private subnet of cloud server 172.16.0.0.0/29 with the address 172.16.0.3 is connected to the router; router is connected to an external network with public address 203.0.113.10

Customization result⁠

The dedicated server, cloud server and cloud router will be interconnected by a private L3 network, and internet access will be organized for the dedicated server through the cloud router:

Customization steps⁠

1. Create a global router.
2. Connect the dedicated server subnet to the global router.
3. Connect the cloud platform project subnet to a global router.
4. Prescribe a route in the cloud platform project subnet.
5. Prescribe a route on the cloud router.
6. Prescribe a route on a dedicated server.
7. Prescribe a route on the global router.

1. Create a global router⁠

1. In the control panel, click Products in the top menu and select Servercore Global Router.
2. Click Create router. Each account has a limit of five global routers.
3. Enter the name of the router.
4. Click Create.
5. If the router is created with the status ERROR or hangs in one of the statuses, create a ticket.

2. Connect the dedicated server subnet to the global router⁠

1. In the control panel, click Products in the top menu and select Servercore Global Router.
2. Open the router page.
3. Click Create Network.
4. Enter a network name, this will only be used in the control panel.
5. Select a Servers and Hardware service.
6. Select a pool.
7. Select the VLAN, in the example, VLAN 2044.
8. Enter the subnet name — this will only be used in the control panel.
9. Enter the CIDR — IP address and private subnet mask, in the example — 192.168.0.0.0/29.
10. Enter the gateway IP address or leave the first address from the subnet assigned by default, in the example 192.168.0.1. Do not assign this address to your devices to avoid disrupting the network.
11. Enter service IP addresses or leave the last addresses from the subnet assigned by default, in the example 192.168.0.5 and 192.168.0.6. Do not assign these addresses to your devices so as not to disrupt the network.
12. Click Create Network.
13. Optional: Check the network topology on the global router. In the control panel, click Products → Servercore Global Router in the top menu . Open the page of the desired router and click Network Map.

3. Connect the cloud platform project subnet to a global router⁠

1. In the Control panel, on the top menu, click Products and select Cloud Servers.

2. Go to the Network section.

3. Open the Private Networks tab.

4. Check that the network to which the cloud platform project subnet belongs is not yet connected to any of the account's global routers — it does not have a Global Router tag.

5. From the menu of the network, select Connect to Global Router.

6. Select the global router.

7. For each of the network subnets, enter the IP address that will be assigned to the router, or leave the first available address from the subnet assigned by default, in the example, 172.16.0.1. Do not assign this address to your devices so as not to disrupt the network. The last two free subnet addresses will be reserved as service addresses.

8. Click Connect. Do not close the window until you see a message that the network is connected. After that, in the Control Panel:

   • the network will appear under Servercore Global Router on the page of the router to which you connected it;
   • under Cloud Servers → Network → on the Private Networks tab, the network will have the Global Router tag.

4. Prescribe a route in the subnet of the cloud platform project⁠

Write a static route for the subnet of the cloud platform project that connected to the global router.

When setting up, specify:

• destination subnet — the subnet of the dedicated server on the global router, in the example — 192.168.0.0.0/29;
• gateway — the subnet gateway of the cloud platform project on the global router, in the example — 172.16.0.1;
• The source subnet is the subnet of the cloud platform project on the global router, in the example it is 172.16.0.0/29.

5. Prescribe a route on the cloud router⁠

Static routes on a cloud router can only be configured through the Openstack API.

1. Open the OpenStack CLI.

2. Create a static route:

   openstack router set --route destination=192.168.0.0/29,gateway=172.16.0.1 13b6da27-4409-456c-b9aa-5dcf84690aaf

   Here:

   • 192.168.0.0/29 — subnet of the dedicated server on the global router with mask;
   • 172.16.0.1 — subnet gateway of the cloud platform project on the global router;
   • 13b6da27-4409-456c-b9aa-5dcf84690aaf — The UUID of the cloud router, you can view it in the control panel in the top menu, click Products → Cloud Servers → Network → tab Cloud routers → alphanumeric value under the router name.

6. Specify a route on a dedicated server⁠

The configuration process is described for Ubuntu 22.04. If you need to specify routes on a Debian, CentOS or Windows server, use the instructions Specify Routes on Servers.

1. Connect to the server.

2. Open the CLI.

3. Open the network configuration file with a vi text editor, in Ubuntu 22.04 this is the netplan utility configuration file:

   vi /etc/netplan/01-netcfg.yaml

4. At the end of the data block of the desired network interface, add a route:

   routes:
     - to: 0.0.0.0/0
       via: 192.168.0.1

   Here:

   • 0.0.0.0/0 — default subnet for sending Internet traffic;
   • 192.168.0.1 — subnet gateway of the dedicated server on the global router.

5. Save the file.

6. Check the settings:

   sudo netplan try

7. Apply the changes:

   netplan apply

7. Prescribe a route on the global router⁠

1. In the control panel, on the top menu, click Products and select Servercore Global Router.
2. Open the router page → Static Routes tab.
3. Click Create Route.
4. Enter a route name — any name, it will only appear in the control panel.
5. Enter the CIDR of the destination subnet 0.0.0.0.0/0.
6. Enter the Next hop IP address — the private IP address of the cloud router, in the example it is 172.16.0.3.
7. Click Create.